Site logo

Email-based Cyber Incident Takes Security Staff an Average of 86 Hours to Address

Perception Point, recently announced the publication of a new report, ‘The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels‘. The report, based on a survey conducted in conjunction with Osterman Research, evaluates the responses of security and IT decision-makers at large enterprises and reveals numerous significant findings about today’s enterprise threat landscape.

One key takeaway is that organizations are paying a hefty $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers, meaning that a 500-employee company spends on average $600,000 USD on an annual basis. This substantial figure excludes compliance fines, ransomware mitigation costs, and business losses from non-operational processes, all of which can cause costs to climb much higher. Cybersecurity incidents can lead to costly and time-consuming incident response processes that put a strain on an organization’s resources.

The past few years have witnessed the rapid adoption of new cloud collaboration apps, cloud storage and services for employee productivity and external collaboration as organizations across the world have embraced new work patterns. Threat actors have pivoted their attack toolkits to extend beyond email and the web browser to the new apps and services that enterprises have adopted. Although many of these new tools have only been around for a few years, the report finds that malicious incidents against these new cloud-based apps and services already occur at 60% of the frequency with which they occur on email-based services, with some attacks, like those involving malware installed on an endpoint, occurring on cloud collaboration apps at 87% of the frequency with which they occur on email-based services.

Additionally, the report highlights that a successful email-based cyber incident takes security staff an average of 86 hours to address. As a result, one security professional, with no support, can only handle 23 email incidents per year, representing a direct cost of $6,452 per incident in time alone. Incidents that have been detected on cloud collaboration apps or services take on average 71 hours to resolve, meaning that one professional can handle 28 incidents per year at an average cost of $5,305 per incident. Enterprises should be consolidating their security stack for more holistic and efficient threat protection, as well as leveraging managed services to support their security teams with scalable and flexible incident response capabilities.

“The Perception Point-Osterman report supports cybersecurity leaders’ assessments of the expanding threat landscape trends and how they impact companies’ bottom lines,” said Yoram Salinger, CEO of Perception Point. “These findings demonstrate the urgent need for organizations to find the most accurate and efficient cybersecurity solutions which provide the necessary protection with streamlined processes and managed services, in particular with enterprises increasingly prioritizing value for money in today’s challenging economic environment. Moreover, the rapid growth of non-email-based threats crucially underscores the need for security teams to keep up with emerging trends, especially as the modern work environment is in flux and the number of cloud-based collaboration tools that organizations rely on is only likely to expand.”

Additional findings include:

  • More Boots on the Ground: All organizations plan to deploy at least one new security tool to combat threats over the coming year, and 69% plan to deploy three or more.
  • Forecasting Expanded Cloud Cover: 80% of respondents believe that new channels, including cloud collaboration apps and web browsers, will be “important” or “extremely important” for employee productivity by 2024. This figure is an increase on the 68% who consider these channels “important” or “extremely important” today, and 33% who thought the same two years ago.
  • Increased Vulnerability to Infiltration: Half of all organizations use six or more different communication and collaboration tools; some 19% (almost one-fifth) use nine. Using such a wide range of tools increases the amount of vectors which attackers can target.
  • Always Darkest Before the Dawn: More than 70% of respondents believe that the frequency of security threats will remain the same or increase over the next two years
  • They’re Only Getting Smarter: All types of attacks are getting more sophisticated, but this is especially the case for attacks against cloud collaboration apps and services. 72% of respondents indicated that attacks against cloud storage services have grown more sophisticated over the past year, compared to 57% who stated that attacks against email have grown more sophisticated. This trend is especially concerning given the rapid rate of adoption of new cloud-based apps and services.

“With cloud collaboration apps and services now complementing email as a cornerstone of any enterprise’s workflow, modern cybersecurity solutions must adapt to encompass the totality of channels and threat types,” said Michael Sampson, Senior Analyst, Osterman Research. “Organizations cannot afford – financially or reputationally – to rely on outdated approaches. Our survey demonstrates the clear need for agile and holistic threat prevention solutions, and organizations which embrace these conclusions stand to set themselves apart from their competitors amidst today’s fast-evolving circumstances.”

Enterprises should be looking at ways to expand the reach of their security processes in order to holistically protect and remediate the threats targeting them, to protect their bottom lines. Fast, holistic, and accurate threat prevention across all channels is singularly important in an era of increasingly frequent and sophisticated cyber incidents.

The full report, including complete survey data, can be viewed here.

Perception Point will be hosting a webinar to discuss the results of the investigation and recommendations for future action on January 24th 2023. More information on the webinar can be found here.

Comments

  • No comments yet.
  • Add a comment